Category Archives: Azure Active Directory

PTA, AADJ and the “User must change password at next log on” flag

OK, the title has a whole bunch of acronyms which may not be entirely familiar. Actually…if we’re being really picky I should probably say a whole bunch of initialisms, but that would digress into a whole different article when a perfectly good Wikipedia article already exists for that. 🙂 Anyway, PTA is the accepted short form…

How to change the token lifetime for a SAML 2.0 application with Azure Active Directory

Configurable token lifetimes for Azure Active Directory (AAD) have been available for a while now, although the feature is still in public preview. This article provides details of how to create an access token lifetime policy and how to apply it to an application federated with AAD using SAML 2.0. Before we get started with this, we need to ensure…

How to modify the AWS Console timeout with Azure Active Directory SAML

This article describes how to configure Azure Active Directory as the SAML Identity Provider (IdP) to change the default AWS Console timeout from 1 hour to a different value. There has been a lot of discussion about how to change the timeout, and there is no clear documentation from AWS on how to achieve…

Skype for Business Online and Conditional Access: A Cautionary Tale

Here’s something I discovered recently and would like to share with you. If you are using Skype for Business Online and want to control access to it using Conditional Access policy, you should be aware that under certain circumstances the control can be completely bypassed. The problem has to do with the fact that Conditional Access…

How to suppress Skype for Business attribute synchronisation in Azure AD Connect

I recently had a challenge with a customer that had on-premises Skype for Business (SfB) and were looking to migrate to SfB Online. They did not want to federate the two infrastructures, but instead wanted to undertake a re-pointing of users at a given point in time by modifying the DNS records. When they introduced…

How to resolve ‘The RPC server is unavailable’ error when enabling Seamless Single Sign-On

I hit this problem while working with Azure AD Connect at a customer earlier this week. The situation was that AAD Connect had already been configured with Pass-Through Authentication, which was working as expected. The next step was to enable Seamless Single Sign-On, but this failed with the following: ‘Failed to create single sign-on secret…

Delegate administration to partners using Azure AD B2B Collaboration

This post provides a quick introduction to the features available with Azure Active Directory Business to Business (B2B) Collaboration – currently in Public Preview. I’ll cover how to add someone outside your organisation to your Azure AD instance, as well as how to assign administrative privilege over the Azure subscription to the external partner through RBAC…

How to find your Azure Active Directory Tenant ID

Here are two ways to find the GUID (also referred to as the TenantID) associated with your Azure Active Directory (AAD) instance. 1. Embedded in the URL in the Azure Portal: Log into the Azure Portal. Select Active Directory from the left hand pane. Click on the Active Directory instance you are interested in (you…